CVE-2026-7811

MEDIUM EPSS 33.5%

Published May 5, 20261mo ago · Modified Jun 17, 20261w ago

5.5 CVSS 4.0

Medium

Published May 5, 2026 1mo ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Details

Base Score

5.5

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

33.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

References 5

github.com https://github.com/54yyyu/code-mcp/
github.com https://github.com/54yyyu/code-mcp/issues/4
vuldb.com https://vuldb.com/submit/807751
vuldb.com https://vuldb.com/vuln/361071
vuldb.com https://vuldb.com/vuln/361071/cti

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.